[WIP] Remove confusing --use-xattrs option from samba-tool domain provision

Andrew Bartlett abartlet at samba.org
Mon Sep 5 03:24:53 UTC 2016 

On Sun, 2016-09-04 at 14:07 +0100, Rowland Penny wrote:
> On Sun, 04 Sep 2016 22:32:46 +1200
> Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > 
> > We keep it if built with NTVFS support, but it should cause less
> > confusion once most users stop seeing it. 
> > 
> > I realise this may break some scripts, but in this case I think it
> > is
> > worth it for the simplification. 
> > 
> > This isn't for 4.5 (we don't change this kind of thing during an
> > RC),
> > but should help simplify things for 4.6, and make it clear to
> > others
> > that the default of --use-xattr is and has always been perfectly
> > correct. 
> > 
> > I'm running an autobuild to confirm I haven't broken anything
> > else. 
> > 
> > Comment welcome.
> > 
> > Andrew Bartlett
> 
> Hi Andrew, there is this in the patch header:
> 
> The only reasonable use --use-xattrs=no should be used is in
> selftest,
> and there is no need for that or --use-xattrs=auto without
> --use-ntvfs, all systems we support in production for the AD DC have
> xattrs, as using smbd needs posix ACLs.
> 
> I take it we are no longer supporting UNIX OS's, because from my
> testing on Freebsd, you cannot provision an AD DC on that OS, this is
> because '--use-ntvfs' has been removed from the options and Freebsd
> uses ntvfs4 ACLs.
> 
> Can I also ask why, now that we only seem to support OS's that also
> support posix ACLs, why we are still using ntvfs, wouldn't this be a
> good time to get rid of it. I mean, what is the point of keeping code
> around that will never be used except for testing against.

The question of only supporting OS versions with POSIX ACLs is
orthogonal to the patch, and the requirements that trouble you are
unchanged since Samba 4.0 was released (because we always said the
NTVFS file server was not for production use).  

While at a high level the steps required to have Samba work on an NFSv4
ACL backed filesystem seem reasonable, no user or developer has found
it important enough to produce a patch. 

At this time the effort to remove the NTVFS file server is non-trivial, 
so --enable-selftest enables --with-ntvfs-fileserver.  Eventually I'll
find a way to do this only for the in-tree, rather than installed
binaries.

In the meantime, the patch has passed a private autobuild, so I would
like to push it.  Can you clarify if Alexander and I have addressed
your concerns?

Thanks,

Andrew Bartlett

-- Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list